Various computing environments and applications require users to provide credentials before allowing access to certain functionalities, data, or applications. For example, a user may be required to provide a username and password to gain access to applications running within the context of an operating system, or to the operating system itself. In this context, the operating system validates users for each application executing within that operating system. Alternatively, a user may provide a domain username and domain password to a domain server, which in turn manages access to domain resources (e.g., one or more computing systems and/or applications operable within the domain).
In some computing environments, servers or applications may use different security methods or different operating systems, each having different standards and settings for user credentials. These servers or applications could have, for example, a different set of minimum standards related to length and robustness of password strings, or a particular format for username or domain username notation, or different frequencies with which passwords must change.
Difficulties arise when a computing environment includes multiple such heterogeneous yet interrelated systems having different management or settings for user authentication. Specifically, when one such system requires access to resources of a different system, those systems must be coordinated to allow such access to occur.
In applications or servers having heterogeneous authentication systems, typically a user will either provide credentials for each system separately, or will provide credentials for a first one of those authentication systems, which then stores a set of credentials used by a second authentication system. This second arrangement allows the authentication systems to coordinate and allow the user to access information in both applications or servers with a single login process. However, using the first authentication system to provide access to the second heterogeneous system does not provide reliable access to both systems, since the credentials (e.g., a username or password) for the user on the second heterogeneous system may change without the information stored in the first authentication system being updated.
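The failure mode described above, as an added example that is not part of the original text: a first authentication system stores credentials for a second one, and a password change made only on the second system breaks the single login. The class names, the per-user change counter used to spot the stale copy, and all sample values are assumptions constructed for illustration.

```python
import hashlib, hmac, os

class AuthSystem:
    """One authentication system with its own password policy (constructed model)."""
    def __init__(self, name, min_length):
        self.name, self.min_length = name, min_length
        self._users = {}   # username -> (salt, digest)
        self.changes = {}  # username -> number of password changes (assumed signal)

    def set_password(self, user, password):
        if len(password) < self.min_length:
            raise ValueError(f"{self.name}: password shorter than {self.min_length}")
        salt = os.urandom(16)
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000))
        self.changes[user] = self.changes.get(user, 0) + 1

    def verify(self, user, password):
        # Unknown users get an empty record, which can never match a real digest.
        salt, digest = self._users.get(user, (b"", b""))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
        return hmac.compare_digest(digest, candidate)

class CredentialStore:
    """The first system's stored copy of each user's credentials for the second."""
    def __init__(self, first, second):
        self.first, self.second = first, second
        self._stored = {}  # first-system user -> (second user, password, changes seen)

    def enroll(self, user, second_user, second_password):
        self._stored[user] = (second_user, second_password, self.second.changes[second_user])

    def single_login(self, user, password):  # returns (first_ok, second_ok)
        if not self.first.verify(user, password):
            return (False, False)
        second_user, second_password, _ = self._stored[user]
        return (True, self.second.verify(second_user, second_password))

    def stale_entries(self):  # users whose stored copy predates a change
        return sorted(u for u, (su, _, seen) in self._stored.items()
                      if self.second.changes[su] != seen)

def demo():
    first, second = AuthSystem("os", 8), AuthSystem("app", 12)
    first.set_password("alice", "Winter-2024")         # constructed sample values
    second.set_password("ALICE01", "correct-horse-1")
    store = CredentialStore(first, second)
    store.enroll("alice", "ALICE01", "correct-horse-1")
    before = store.single_login("alice", "Winter-2024")
    second.set_password("ALICE01", "correct-horse-2")  # changed on the second system only
    return before, store.single_login("alice", "Winter-2024"), store.stale_entries()
```

The login against the first system still succeeds after the change, so the failure only surfaces when the second system rejects the stored copy; comparing change counters finds the stale entry without attempting a login.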
Inclusion of remote access into such systems only exacerbates these problems. If a user wishes to access a set of computing systems having heterogeneous authentication systems from a remote location, that user typically must use a remote access protocol, such as the Lightweight Directory Access Protocol (LDAP). However, if user credentials in any of the heterogeneous authentication systems have changed, that remote access protocol would likewise not be notified of those changes. Therefore, when user credentials change, remote access would be prevented.
For these and other reasons, improvements are desirable.